templates/getafsgroups.py

   1 #!/usr/bin/python
   2 import pprint
   3 import subprocess
   4
   5 # import ldap
   6 # l = ldap.open("W92-130-LDAP-2.mit.edu")
   7 # # ldap.mit.edu is 1/2 broken right now so we're going to the working backend
   8 # l.simple_bind_s("", "")
   9
  10 # def getLdapGroups(user):
  11 #     """
  12 #     getLdapGroups(user): returns a generator for the list of LDAP groups containing user
  13 #     """
  14 #     for user_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
  15 #         for group_data in l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uniqueMember="+user_data[0], ['cn']):
  16 #             yield group_data[1]['cn'][0]
  17
  18 # def checkLdapGroups(user, group):
  19 #     """
  20 #     checkLdapGroups(user, group): returns True if and only if user is in LDAP group group
  21 #     """
  22 #     for result_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
  23 #         if l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "(&(cn=" + group + ")(uniqueMember="+result_data[0] + "))", []) != []:
  24 #             return True
  25 #     return False
  26
  27 def checkAfsGroup(user, group, cell):
  28     """
  29     checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
  30     """
  31     p = subprocess.Popen(["pts", "membership", group, '-c', cell],
  32                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  33     if p.wait():
  34         return False
  35     for line in p.stdout.readlines()[1:]:
  36         if line.strip() == user:
  37             return True
  38     return False
  39
  40 def checkLockerOwner(user, locker, verbose=False):
  41     """
  42     checkLockerOwner(user, locker) returns True if and only if user administers locker
  43     """
  44     p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker],
  45                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  46     if p.wait():
  47         if verbose:
  48             return p.stderr.read()
  49         return False
  50     cell = p.stdout.read().split()[-1][1:-1]
  51     p = subprocess.Popen(["fs", "listacl", "/mit/" + locker],
  52                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  53     if p.wait():
  54         if verbose:
  55             return p.stderr.read()
  56         return False
  57     for line in p.stdout.readlines()[1:]:
  58         entry = line.split()
  59         if not entry or entry[0] == "Negative":
  60             break
  61         if entry[1] == "rlidwka":
  62             if entry[0] == user or (entry[0][0:6] == "system" and
  63                                     checkAfsGroup(user, entry[0], cell)):
  64                 return True
  65     if verbose:
  66         return "You don't have admin bits on /mit/" + locker
  67     return False
  68
  69
  70 if __name__ == "__main__":
  71 #    print list(getldapgroups("tabbott"))
  72     print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
  73     print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
  74     print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
  75     print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
  76     print checkLockerOwner("tabbott", "tabbott")
  77     print checkLockerOwner("tabbott", "debathena")
  78     print checkLockerOwner("tabbott", "sipb")
  79     print checkLockerOwner("tabbott", "lsc")
  80     print checkLockerOwner("tabbott", "scripts")
  81     print checkLockerOwner("ecprice", "hmmt")